HP-UX IPSec version A.02.00 Administrator's Guide
HP-UX IPSec and HP-UX Mobile IPv6
Step 4: (Optional) Securing Payload Packets Routed Through the Home Agent
Chapter 7226
Syntax
ipsec_config add tunnel
payload_tunnel_name
-tsource
home_agent_addr
-tdestination
mn_home_addr
-source
cn_addr
-destination
mn_home_addr
-protocol ALL -action
transform_name
-in
manual_key_sa_specification
-out
manual_key_sa_specification
payload_tunnel_name
The
payload_tunnel_name
is the user-defined
name for the payload tunnel IPSec policy. This name must be unique for
each tunnel IPSec policy and is case-sensitive. The name must be 1 - 63
characters. Each character must be an ASCII alphanumeric character,
hyphen (-), or underscore (_).
-tsource
home_agent_addr
The
home_agent_addr
is the Home
Agent’s IP address. This cannot be a wildcard or subnet address.
-tdestination
mn_home_addr
The
mn_home_addr
is the Mobile Node’s
home address. This cannot be a wildcard or subnet address.
-source
cn_addr
The
cn_addr
is the Correspondent Node’s address. In
many cases, there will be a large number of possible Correspondent
Nodes and you may want to use the IPv6 wildcard address instead
(0::0).
-destination
mn_home_addr
The
mn_home_addr
is the Mobile Node’s
home address.
-action
transform_name
The
transform_name
must be an
authenticated ESP transform with a non-null authentication method,
according to the Mobile IPv6 protocol specification. For example,
ESP_AES128_HMAC_SHA1
.
-in and -out
manual_key_sa_specification
For Mobile IPv6, the
format for
manual_key_sa_specification
is defined in “-in and -out
manual_key_sa_specification” on page 212.